[Freeipa-users] Setup windows AD Sync Failure
Rich Megginson
rmeggins at redhat.com
Thu Mar 3 03:15:03 UTC 2011
On 03/02/2011 07:40 PM, Sayid Munawar wrote:
> Dear,
>
> I have successfully installed freeipa-server 2 rc2, and created some
> test users and tested machine enrollment. Now, what I want to do next
> is sync all my Windows 2008r2 AD accounts. I've already got the
> cert needed, and tested it with the ldapsearch tool on the same host as
> the freeipa-server, so I assume that the AD connection is OK. But when I
> did ipa-manage-replica, it complains about "Can't connect LDAP
> server". Here it is:
>
> [root@yk ~]# ipa-replica-manage connect --winsync --binddn "cn=Fedora
> DS,ou=JogjaCamp,dc=dot,dc=jc" --bindpw "somesecret" --cacert
> /root/jcamp-DC1-buat-389DirServ.cer --passsync secretagain -p
> anothersecret DC1.DOT.JC
>
> Added CA certificate /root/jcamp-DC1-buat-389DirServ.cer to
> certificate database for yk.nix.jc
> ipa: INFO: Failed to connect to AD server dc1.dot.jc
> ipa: INFO: The error was: {'info': 'TLS error -8179:Unknown code ___f
> 13', 'desc': "Can't contact LDAP server"}
> ipa: INFO: Continuning ...
> The user for the Windows PassSync service is
> uid=passsync,cn=sysaccounts,cn=etc,dc=nix,dc=jc
> Windows PassSync entry exists, not resetting password
> ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
> ipa: INFO: Replication Update in progress: FALSE: status: 0 No
> replication sessions started since server startup: start: 0: end: 0
> ipa: INFO: Agreement is ready, starting replication . . .
> Starting replication, please wait until this has completed.
> Can't contact LDAP server
Is your ldap server running after this?
What is your platform?
What version of 389-ds-base? rpm -qi 389-ds-base
> [root@yk ~]#
>
>
> - I have no idea why the AD connection fails here, while it was OK with
> the ldapsearch tool. Any clue?
>
> - And one more question: what is the --passsync argument for? Is it for
> force-setting a "new password" for the passsync user, or do we have to first
> define a password for the passsync user?
>
> TIA
>
> Sayid Munawar